General
-
Target
dc4fc5fe87f50d46569b17b231d3b615_JaffaCakes118
-
Size
247KB
-
Sample
240912-p1wzasvhjh
-
MD5
dc4fc5fe87f50d46569b17b231d3b615
-
SHA1
d593f25ede63e58f361a9c9489d63c5d817af6e7
-
SHA256
6fdf58c2a936af7126c16e55f6d1a65b919554c3bbebbc79e8889d5fcf2d2ac8
-
SHA512
f09c257d786b81c1bb54e1c6af0efac48131bcc92e3475bda5307b432e0e385be4d4970977d77930b45d3ba774f3db0c8df36c9827fdf6c546aeaf6dfe582e48
-
SSDEEP
6144:CPpszgBdY+90S/GXHyiIrPj0NmWtNIc4xqBpoSI:vgBdY+90/yiq0NxD3poS
Malware Config
Targets
-
-
Target
dc4fc5fe87f50d46569b17b231d3b615_JaffaCakes118
-
Size
247KB
-
MD5
dc4fc5fe87f50d46569b17b231d3b615
-
SHA1
d593f25ede63e58f361a9c9489d63c5d817af6e7
-
SHA256
6fdf58c2a936af7126c16e55f6d1a65b919554c3bbebbc79e8889d5fcf2d2ac8
-
SHA512
f09c257d786b81c1bb54e1c6af0efac48131bcc92e3475bda5307b432e0e385be4d4970977d77930b45d3ba774f3db0c8df36c9827fdf6c546aeaf6dfe582e48
-
SSDEEP
6144:CPpszgBdY+90S/GXHyiIrPj0NmWtNIc4xqBpoSI:vgBdY+90/yiq0NxD3poS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2